Login Form Bypass using Mantra Security Toolkit
01-30-2011, 12:36 PM (This post was last modified: 02-10-2011 03:06 PM by Abhi_M.)
Post: #1
Login Form Bypass using Mantra Security Toolkit
Hi All,

In this tutorial we will try to bypass the login form of a vulnerable website using Mantra Security Toolkit.

What you need

1. Mantra Security Toolkit - Download

2. A vulnerable website. I'm using a modified version of LAMPSecurity CTF6



Let's begin,

Step 1:

I'm on the home page of the website now

Code:
http://192.168.132.128/

[Image: mantrasecuritytoolkit1.jpg]



Step 2:

Login form of the website

Code:
http://192.168.132.128/?action=login

[Image: mantrasecuritytoolkit2.jpg]



Step 3:

Now we will test the input forms against SQL injection. For that we can use SQL Inject Me tool. It can be launched from Tools > SQL Inject Me > Open SQL Inject Me Sidebar

[Image: mantrasecuritytoolkit3.jpg]



Step 4:

You can see SQL Inject Me sidebar on the right

[Image: mantrasecuritytoolkit4.jpg]



Step 5:

I'm checking all the fields to test.

[Image: mantrasecuritytoolkit5.jpg]



Step 6:

I clicked on "Test all forms with all attacks"

[Image: mantrasecuritytoolkit6.jpg]



Step 7:

Test results say that none of the fields are vulnerable to SQL injection attack. So it's confirmed that the website is sanitizing the input.

[Image: mantrasecuritytoolkit7.jpg]




Step 8:

Now we will try to see what type of sanitizing mechanism the website employs. For that we will use Firebug. It can be launched by going to Tools > Firebug > Open Firebug

[Image: mantrasecuritytoolkit9.jpg]




Step 9:

Now that Firebug is open, I'm enabling Inspect mode of Firebug by clicking on the inspect icon (second one) on the top left corner.

[Image: mantrasecuritytoolkit10.jpg]




Step 10:

I clicked on the login form and Firebug highlighted the respective source code. It shows that some type of local JavaScript is used to sanitize the input.

[Image: mantrasecuritytoolkit11.jpg]




Step 11:

For bypassing it, we will use Live HTTP Headers. It can be launched either from sidebar or by going to Tools > Live HTTP Headers

[Image: mantrasecuritytoolkit12.jpg]




Step 12:

Now you can see Live HTTP Headers. The Capture check box must be checked.

[Image: mantrasecuritytoolkit13.jpg]




Step 13:

I went back to the login form, entered some sample values there and pressed Log In

[Image: mantrasecuritytoolkit14.jpg]



Step 14:

Now I again went back to Live HTTP Headers. We can clearly see that it captured the session.

[Image: mantrasecuritytoolkit15.jpg]




Step 15:

I scrolled up to find the username and password data field. I clicked on it and pressed the Replay button

[Image: mantrasecuritytoolkit16.jpg]




Step 16:

I'm changing the value a little bit to bypass the authentication and clicking on the Replay button

[Image: mantrasecuritytoolkit17.jpg]



Step 17:
Hmmm. I got an error message. Looks like I should modify the injected code.

[Image: mantrasecuritytoolkit18.jpg]


Step 18:

I modified the code

[Image: mantrasecuritytoolkit19.jpg]



Step 19:

No luck

[Image: mantrasecuritytoolkit20.jpg]



Step 20:

I changed the value again and pressed the Replay button

[Image: mantrasecuritytoolkit21.jpg]



Step 21:

Voila. I'm successfully authenticated.

[Image: mantrasecuritytoolkit22.jpg]



Step 22:

Now that I have got admin access

[Image: mantrasecuritytoolkit23.jpg]


If you wish to completely root the whole server, you can go to this post and follow steps from step 24

Reference:

1. Infond Tutorial

All the Best.!!!

Happy Hacking :)

Use Mantra forums.
Please do not PM/E-mail me regarding any technical queries straight away.
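
The tutorial above turns on one point: the input check ran as JavaScript in the browser, so a request replayed from Live HTTP Headers never passed through it. As an added example (not code from the original post or from LAMPSecurity CTF6), this sketch puts a login query that relies on that browser-side cleaning next to one that validates on the server and binds the value as data. Python and SQLite stand in for the LAMP stack; the table, column and function names and the sample account are hypothetical and constructed.

```python
import hashlib
import hmac
import os
import re
import sqlite3

SAMPLE_PW = "constructed-sample-pw"                   # constructed test credential
USERNAME_RE = re.compile(r"[A-Za-z0-9_.'-]{1,32}")    # server-side allow-list

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """In-memory users table holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("o'neil", salt, _hash(SAMPLE_PW, salt)))
    return db

def _check(row, password):
    if row is None:
        return "denied"
    salt, stored = row
    return "ok" if hmac.compare_digest(_hash(password, salt), stored) else "denied"

def login_concat(db, username, password):
    """'Before' form: assumes browser JavaScript already cleaned the input."""
    sql = "SELECT salt, pw FROM users WHERE username = '" + username + "'"
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.OperationalError:
        return "sql-error"   # the input altered the statement's syntax
    return _check(row, password)

def login_bound(db, username, password):
    """Hardened form: validate on the server, then bind the value as data."""
    if not USERNAME_RE.fullmatch(username):
        return "denied"
    row = db.execute("SELECT salt, pw FROM users WHERE username = ?",
                     (username,)).fetchone()
    return _check(row, password)

if __name__ == "__main__":
    db = make_db()
    for fn in (login_concat, login_bound):
        print(fn.__name__, fn(db, "o'neil", SAMPLE_PW))
```

A legitimate name containing an apostrophe is enough to break the concatenated statement, the same kind of database error seen in Step 17, while the bound query treats it as an ordinary value.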
01-31-2011, 03:18 AM
Post: #2
RE: Login Form Bypass using Mantra Security Toolkit
nice tutorial, thanks Mantra Team.... :)
02-06-2011, 11:47 AM
Post: #3
RE: Login Form Bypass using Mantra Security Toolkit
Congratulations for the tutorial. I am learning enough (I am new in this topic, but with desire of learning), but I have some doubts.

I have lowered the file "LAMPSecurity CTF6" but not which is the login and the password. It would be important for you to say to me since I can put it

And if you have some video one explaining the functioning of the Mantra Security Toolkit Beta because it is a marvel, it has an incredible aspect

It is necessary to have a virtual machine or it is possible to do with win7

Thank you and he excuses if my English is not very good.
02-10-2011, 03:04 PM
Post: #4
RE: Login Form Bypass using Mantra Security Toolkit
^^

Hi camucha,

First of all, a warm welcome to the Mantra Forums.

Talking about Lamp Security CTF 6 Image, the task is to compromise the system as a black box test. No credential details are given in advance. Please see my reference for more details

Use Mantra forums.
Please do not PM/E-mail me regarding any technical queries straight away.
07-14-2011, 08:59 AM
Post: #5
RE: Login Form Bypass using Mantra Security Toolkit
Wow, great tutorial. Now I see the big picture on why Mantra is so good. It's all there.
09-01-2011, 07:35 AM
Post: #6
RE: Login Form Bypass using Mantra Security Toolkit
Hi i try your tute
for HTTP headers i got

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive

Referer: http://ui.ptlogin2.qq.com/cgi-bin/login?...0110830002

Cookie: pgv_pvid=8479372496; ptui_loginuin=860826153; pt2gguin=o0860826153; verifysession=h00126b13af8b167e78a8bd591e7c4734b50e1e8e9a62fc9105eb7a3a16a3167c8​0ed175ffd57a36ecccc60503f3e39113f; ptisp=; pgv_info=ssid=s3897277469&pgvReferrer=; pvid=9521427064; qm_domain=http://m524.mail.qq.com; qm_qz_key=1_63cf9dcf5a1b07355556b25617485851010a09030e0305070209; qm_sk=860826153&z7nT6vN8; qm_ssum=860826153&; ptui_width=360; ptui_height=313


any idea about this ?
10-05-2011, 12:51 PM
Post: #7
RE: Login Form Bypass using Mantra Security Toolkit
Congratulations :-)
Very well explained tutorial. Mantra is definitely gonna make my life easier 8-)

[French] www.n-pn.info -> White Hat Hackers
Tutorials, Downloads, Challenges, Board, Services, IRC Chat and more
05-12-2012, 08:24 PM
Post: #8
RE: Login Form Bypass using Mantra Security Toolkit
Thank you Mr. Abhi_M

Now I know why some SQLi doesn't work, it is because of JavaScript which prevents the query.

Thanks for the tutorial now I know what to do if the javascript want block the SQLi query.
05-05-2013, 08:00 AM
Post: #9
RE: Login Form Bypass using Mantra Security Toolkit
Hello Abhi_M,

I was trying your tutorial, the problem is I was not able to find the SQL InjectMe Sidebar. Please can you help me with that. There is no option of SQL InjectMe in my Mantra Framework.
05-17-2013, 01:49 PM
Post: #10
RE: Login Form Bypass using Mantra Security Toolkit
(05-05-2013 08:00 AM)Karan321 Wrote:  Hello Abhi_M,

I was trying your tutorial, the problem is I was not able to find the SQL InjectMe Sidebar. Please can you help me with that. There is no option of SQL InjectMe in my Mantra Framework.

SQLInjectMe is disabled by default and you can enable it easily by going to Addons Manager (Ctrl + Shift + A). Many users complain that it no longer works as well as it used to in the past. Your mileage may vary.

Use Mantra forums.
Please do not PM/E-mail me regarding any technical queries straight away.